* [PATCH kmod] libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string
@ 2024-08-13 14:17 Eugene Syromiatnikov
2024-08-13 17:19 ` Lucas De Marchi
0 siblings, 1 reply; 2+ messages in thread
From: Eugene Syromiatnikov @ 2024-08-13 14:17 UTC
To: linux-modules
Static analysis has reported a potential UB:
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
# 123| size_t linesz = 0;
# 124|
# 125|-> while (!nullp) {
# 126| char buf[BUFSIZ];
# 127| ssize_t sz;
It seems to be indeed a UB, as nullp is getting assigned an address
inside object buf, which has a lifetime of the while loop body,
and is not available outside of it (specifically, in the while
condition, where nullp is checked for NULL). Fix it by putting
buf definition in the outer block.
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fd0f54923a48..40a7d6142d03 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
char **line, size_t *size)
{
int sv_errno;
+ char buf[BUFSIZ];
char *nullp = NULL;
size_t linesz = 0;
while (!nullp) {
- char buf[BUFSIZ];
ssize_t sz;
size_t partsz;
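Review bot: The relocated `char buf[BUFSIZ];` at the top of get_string() carries no comment explaining why it must sit outside the loop, so a later scope-narrowing cleanup could move it back into the `while (!nullp)` body and reintroduce the dangling pointer. A one-line comment on that declaration would help, for example `/* nullp points into buf and is tested in the loop condition */`. The lifetime fix itself looks right: `buf` now outlives every evaluation of `!nullp`.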
--
2.28.0
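The lifetime rule the commit message describes, as an added example that is not part of the patch or of kmod's code: `read_string()`, `CHUNK` and `SAMPLE` are hypothetical, with an in-memory buffer standing in for whatever the real function reads from. The chunk buffer is declared before the loop, so `nullp` still points at a live object each time `while (!nullp)` is evaluated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 8 /* small on purpose so the loop runs several times */
/* Constructed sample: NUL-separated records. */
static const char SAMPLE[] = "a.license=GPL\0a.description=demo\0tail";

/* Hypothetical stand-in for get_string(): copy the NUL-terminated string at
 * src[offset] into a malloc'd *line. Returns its length, or -1 on error. */
static long read_string(const char *src, size_t srclen, size_t offset,
                        char **line)
{
    char buf[CHUNK];                 /* outer scope: alive when nullp is tested */
    char *nullp = NULL, *out = NULL; /* nullp points into buf once NUL is found */
    size_t linesz = 0;
    *line = NULL;
    while (!nullp) {                 /* evaluated after each loop body has ended */
        size_t avail, partsz;
        char *tmp;
        if (offset >= srclen)
            goto fail;               /* input ended before a terminator */
        avail = srclen - offset < sizeof(buf) ? srclen - offset : sizeof(buf);
        memcpy(buf, src + offset, avail);
        nullp = memchr(buf, '\0', avail);
        partsz = nullp ? (size_t)(nullp - buf) : avail;
        tmp = realloc(out, linesz + partsz + 1);
        if (!tmp)
            goto fail;
        out = tmp;
        memcpy(out + linesz, buf, partsz);
        linesz += partsz;
        offset += partsz;
    }
    out[linesz] = '\0';
    *line = out;
    return (long)linesz;
fail:
    free(out);
    return -1;
}

int main(void)
{
    char *line;
    long n = read_string(SAMPLE, sizeof(SAMPLE), 14, &line);
    printf("%ld %s\n", n, n >= 0 ? line : "(none)");
    free(line);
}
```

Had `buf` been declared inside the loop body, the same code would typically still appear to work, which is why this class of bug tends to be found by static analysis rather than by testing.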
* Re: [PATCH kmod] libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string
2024-08-13 14:17 [PATCH kmod] libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string Eugene Syromiatnikov
@ 2024-08-13 17:19 ` Lucas De Marchi
0 siblings, 0 replies; 2+ messages in thread
From: Lucas De Marchi @ 2024-08-13 17:19 UTC
To: linux-modules, Eugene Syromiatnikov; +Cc: Lucas De Marchi
On Tue, 13 Aug 2024 16:17:27 +0200, Eugene Syromiatnikov wrote:
> Static analysis has reported a potential UB:
>
> kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
> # 123| size_t linesz = 0;
> # 124|
> # 125|-> while (!nullp) {
> # 126| char buf[BUFSIZ];
> # 127| ssize_t sz;
>
> [...]
Applied, thanks!
[1/1] libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string
commit: 5c22362b6b97af9c6b7587f0c3450001e9893115
Best regards,
--
Lucas De Marchi <lucas.de.marchi@gmail.com>